The tech industry is synonymous with abbreviations, and cyber security is no different.
TLAs (three letter abbreviations), acronyms, other abbreviations and unfamiliar names or terms are the norm.
As a result, in this blog we have collated an A-Z glossary for the world of pentesting. In fact, we’ve split the alphabet to create two blogs, starting with the letters A-M.
So, if you are unsure of command injections, want to know the difference between IDS and JWT or Black Box and White Box testing, then read on.
A – Authentication
Almost every system uses a method of authentication, to maintain data confidentiality. SQL injection can be used to attempt authentication bypass, by convincing a database that a login statement is legitimate.
The most common example is the use of the statement OR 1=1 in a password parameter.
Methods of authentication can include passwords, biometrics, key-based or MFA (multi-factor authentication), all of which have the goal of ensuring that only an authorised person gains access to a resource.
B – Black Box Testing
Most penetration testing can be broken down into either white box or black box testing. These terms are ways of describing how much information a penetration tester has about the target system.
For black box testing, little to no information is provided by a client and a penetration tester is required to test a target in a similar fashion to a cyber criminal.
In the real world, where time costs money, most people opt to conduct white box testing, meaning testers do not have to complete simple actions that take time, but do not offer any real value, for example brute forcing a log in, when it is better to be provided credentials and then test a system.
C – Command Injection
Command injection is typically a web application vulnerability that can include SQL injection, OS injection, LDAP injection.
Ultimately, this vulnerability focusses on an attacker’s ability to submit their own command, which will be executed by the vulnerable service. Most commonly, when referring to Command Injection, people are referring to OS injection, where it is possible to inject commands understood by a server.
Common proof of concepts for this could be a ping request to an attacker-controlled device. Network traffic can then be monitored to see if the victim has attempted to ping the attacker and, if successful, the next step would be to achieve shell access.
D – Data Exfiltration
Data exfiltration is the process of stealing potentially sensitive information from a computer.
The simplest methods to achieve this would be through protocols such as FTP, HTTP or via email.
More advanced techniques can use protocols such as DNS or ICMP to smuggle data out in seemingly legitimate traffic.
E – Encryption
Encryption is the process of converting plain text data into ciphertext, with the goal of protecting it from unauthorised access.
There are two main types of encryption – symmetric and asymmetric:
🔒 Symmetric uses the same key to encrypt and decrypt data
🔒 Asymmetric uses a ‘key-pair’, where there is a public and private key for each person, when sending data:
– the *sender* encrypts to the *recipients* public key
– the *recipient* then decrypts the data with their private key
F – Firewall
A firewall can be a network or host-based system that focusses on incoming and outgoing traffic, and uses specific rules to identify whether it wants to allow it or block it.
Most commonly, firewalls use source and destination ports to understand what traffic is being sent and will act according to its rules.
When hearing the phrase ‘any any’ in the context of a firewall, people are discussing weak rules that are allowing data from any protocol to talk to a computer with any IP address (this is not a good thing, as it means there is no actual filtering happening).
G – GET Request
In web technology, applications will most commonly use POST and GET requests.
GET is an http method that is used to request data from a server. When sending a GET request, parameters will typically be sent via a URL.
This means that it’s not appropriate to send sensitive information via a GET request, as it may be saved in browser history, proxy history, or cached by servers.
H – Hash
A hash is a string of characters created when text has gone through a one-way mathematical algorithm. Once something has been hashed, it cannot be ‘de-hashed’.
Typical uses for hashing are:
🔒 Storing passwords – different operating systems use different hashing algorithms.
🔒 File validation – by creating a hash value of a file, it is possible to provide a method of confirming a file has not been modified (if you download a file and the hash value has changed, then the file has potentially been tampered with).
I – IDS
An IDS – or Intrusion Detection System – is a piece of software that monitors network traffic and will alert a SIEM if it identifies an attack.
It is a passive piece of software that will not stop an attack or protect a company, but will be helpful in starting an incident response process.
If a client has an IDS, it’s not uncommon to whitelist a tester’s IP address during penetration testing, so as not to cause unnecessary alerts and potentially obfuscate a real attack.
J – JWT
A JWT (or JSON Web Token) is a way of providing authentication and authorisation to a web application.
JWTs are made up of three parts:
🔒 Header: defines the type of token and signing algorithm
🔒 Payload: contains the data a pentester would be interested in (username, account privilege etc.)
🔒 Signature: a signature created that will be checked, to make sure that no modifications have happened during transmission.
JWTs can be Base64 decoded to see the information in each of these parts.
K – Key
A key is a piece of data that is used to encrypt or decrypt data.
Instead of using a password, key-based encryption is preferred, as an attacker would need to gain access to the key (which is a file) to be able to decrypt data.
Key-based encryption is commonly used in the SSH protocol, instead of password authentication.
L – Lateral Movement
Lateral movement is the process of moving through a network to gain access to more targets, data, resources.
When a real-world attack occurs, attackers have a ‘breach point’ into a network via their initial attack; however, it is unlikely they will be happy having access to just one device.
Instead, attempts will likely be made to achieve lateral movement, to access servers and domain controllers too.
M – Machine-in-the-Middle
A machine-in-the-middle attack requires an attacker to be able to intercept traffic going between two parties, without either one realising it. This allows the attacker to view all the traffic and potentially see sensitive data. Common MitM attack methods are:
ARP spoofing – where an attacker must be on the same network and uses the ARP protocol to convince a target they are someone else.
DNS spoofing – where an attacker will intercept and redirect DNS requests to a malicious server that will provide fake IP addresses for websites.
Coming soon – part two of our A-Z of pentesting terms.
An A-Z of pentesting terms and abbreviations – Part 2
In this blog post, we continue our A-Z glossary of common pentesting abbreviations, acronyms and terms, from N-Z. Get ready for the likes of OSINT, RFI, YubiKeys and more. And don’t forget, you can catch up on any terms you missed in part one (A-M) here. N – Nmap One...
How to identify and exploit XSS vulnerabilities
What is Cross-site scripting (XSS)? Cross-site scripting (XSS) is a web security vulnerability in which an attacker is able to inject malicious scripts into vulnerable sites and compromise the interaction between the user and the site. Cross-site scripting is what we...
Training, mentoring and the illusion of short-term mentorship
Cyber security is an interesting, fast moving and in demand industry. On the one hand, we are constantly being told there are not enough professionals to fill the need. Yet without clear pathways, it can be challenging to find roles at the beginning of your journey...
Vulnerability Scanning and Penetration Testing
“What is the difference between a vulnerability scan and a penetration test?” It’s something we are often asked by clients who are considering their security and starting to look at ways to protect themselves and their businesses. Vulnerability scans and penetration...